Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-01-2025 18:58

General

  • Target

    262c8df6e40fb859d452bee94bca2726bedf0f6f8122890f3d4cb2186b1c97f3N.exe

  • Size

    80KB

  • MD5

    101d5cd00c4defa5eeaa89725f7f0df0

  • SHA1

    4fa0c6aed99fb5f63437ca7591a1e952b56bf285

  • SHA256

    262c8df6e40fb859d452bee94bca2726bedf0f6f8122890f3d4cb2186b1c97f3

  • SHA512

    0dea35cf236cac8ae34d6e71a1e5431b5f5cab5fbbc8d5ba808994c7383fdb722a3e7a28f3d2d83e42aad8843aa6adb75538b210ef79038fb1593228b1aea407

  • SSDEEP

    1536:ad9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZcl/52izbR9XwzJ:6dseIOMEZEyFjEOFqTiQmOl/5xPvwV

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE (2 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 3 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\262c8df6e40fb859d452bee94bca2726bedf0f6f8122890f3d4cb2186b1c97f3N.exe
    "C:\Users\Admin\AppData\Local\Temp\262c8df6e40fb859d452bee94bca2726bedf0f6f8122890f3d4cb2186b1c97f3N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3520
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1848
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        PID:2932

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    80KB

    MD5

    1beb4d67d24d37bc26fa174684fd6cdf

    SHA1

    da15db4289eac1e14fc5daf2059c8d0963e38a37

    SHA256

    1ac8b9ce6a3d3dc8ecf51f697252a06703ef63805f9d06e980b4a2411816fee2

    SHA512

    1be516c21e06affbe23c2baadf5fd1b20c258bae431d7fb7784c66cb3849ae6a11aedc886243c2b59a974e732f951dc4b5346dfa0712b6f33d8868df76a62f25

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    80KB

    MD5

    cf09d5d03e44f0ef978dbe8fe50cb497

    SHA1

    ed63894d5cf21907857ac13e050836dfccadbc35

    SHA256

    9f7aedc304590a6fb232ec55dd409f0e8842483e6795b64c1580897754aea4d8

    SHA512

    0a0f2f71c557d36156b3e18e8d2de717e90779778a9603d021f4f75e37de0e77b19e2a6293cbc5d45b36bb750a02564cdfe719ab7ab3faf9c1246315976dec02